Lucene search
+L

4586 matches found

CVE
CVE
added 2026/05/22 2:11 p.m.334 views

CVE-2026-9256

NGINX Plus and NGINX Open Source expose a vulnerability in the ngx_http_rewrite_module when a rewrite directive uses distinct, overlapping PCRE captures (e.g., ^/((.*))$) and the replacement references multiple captures (e.g., $1$2) in redirects or arguments. An unauthenticated attacker can send ...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References13Affected Software2
OSV
OSV
added 2026/05/22 1:18 p.m.9 views

OESA-2026-2406 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...

9.2CVSS6.5AI score0.61469EPSS
Exploits40References2
RedhatCVE
RedhatCVE
added 2026/05/22 1:6 p.m.16 views

CVE-2026-43618

A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak...

8.1CVSS5.8AI score0.0078EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in sane-backends

A out-of-bounds read in SANE Backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, known as GHSL-2020-082...

4.3CVSS6.7AI score0.01077EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in sane-backends

A out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, also known as GHSL-2020-083...

4.3CVSS6.1AI score0.01006EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. Chromium security severity: Low...

6.3CVSS6.6AI score0.00364EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/20 12:50 a.m.18 views

EUVD-2026-31011

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/20 12:50 a.m.12 views

CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-34159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor'...

9.8CVSS6.4AI score0.01126EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflo...

8.1CVSS5.7AI score0.0078EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/19 6:29 p.m.205 views

nginx-rift-private-lab

NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...

9.2CVSS6.7AI score0.61469EPSS
Exploits40
UbuntuCve
UbuntuCve
added 2026/05/19 3:16 p.m.9 views

CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.1AI score0.00889EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41939

Name of the Vulnerable Software and Affected Versions NGINX JavaScript affected versions not specified Description An issue exists when the 'js fetch proxy' directive is configured with at least one client-controlled NGINX variable, such as $http , $arg , or $cookie , and a location invokes the...

9.8CVSS6.5AI score0.00889EPSS
Exploits0References36
OSV
OSV
added 2026/05/15 8:50 a.m.10 views

BIT-NGINX-2026-42945 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

9.2CVSS6.4AI score0.61469EPSS
Exploits40References34
GithubExploit
GithubExploit
added 2026/05/15 3:5 a.m.149 views

Exploit for CVE-2026-42945

CVE-2026-42945 Actual Risk Assessment Scripts Native risk ass...

9.2CVSS6.3AI score0.61469EPSS
Exploits40
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.13 views

SUSE CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

8.6CVSS6.4AI score0.61469EPSS
Exploits40References16
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.54 views

CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

9.2CVSS0.61469EPSS
Exploits40References1
CVE
CVE
added 2026/05/13 2:12 p.m.404 views

CVE-2026-42945

CVE-2026-42945 affects NGINX Open Source and NGINX Plus via the ngx_http_rewrite_module when a rewrite/if/set directive is followed by a PCRE capture and a replacement containing a question mark. This can cause a heap buffer overflow in the worker process and, on systems with ASLR disabled, poten...

9.2CVSS6.4AI score0.61469EPSS
In wildExploits40References33Affected Software7
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40681

Name of the Vulnerable Software and Affected Versions NGINX Plus and NGINX Open Source versions 0.6.27 through 1.30.0 Description A heap buffer overflow exists in the ngx http rewrite module of NGINX. The issue occurs when a rewrite directive is followed by a rewrite, if, or set directive and...

9.2CVSS7.7AI score0.61469EPSS
Exploits40References473
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: sane-backends (UTSA-2026-017583)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017583 advisory. An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, su...

4.3CVSS5.8AI score0.01006EPSS
Exploits1References4
Rows per page
Query Builder